Daniel Adam Simon

US Patent:

6496928, Dec 17, 2002

Filed:

Jun 30, 1998

Appl. No.:

09/108145

Inventors:

Vinay Deo - Bellevue WA
David Tuniman - Redmond WA
Daniel R. Simon - Redmond WA

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

H04L 900

US Classification:

713153, 380270, 380277

Abstract:

A system controls access to broadcast messages received by a plurality of mobile devices. Selected mobile devices are provided with a broadcast encryption key (BEK). The broadcast messages are encrypted using the BEK prior to broadcasting so that the selected mobile devices containing the BEK can decrypt the broadcast messages. The broadcast messages are then broadcast.

US Patent:

RE38070, Apr 8, 2003

Filed:

Aug 30, 1999

Appl. No.:

09/386463

Inventors:

Terrence R. Spies - Redmond WA
Jeffrey F. Spelman - Duvall WA
Daniel R. Simon - Redmond WA

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

H04L 900

US Classification:

380277, 380278

Abstract:

A cryptography system architecture provides cryptographic functionality to support an application requiring encryption. decryption, signing, and verification of electronic messages. The cryptography system has a cryptographic application program interface (CAPI) which interfaces with the application to receive requests for cryptographic functions. The cryptographic system further includes at least one cryptography service provider (CSP) that is independent from, but dynamically accessible by, the CAPI. The CSP provides the cryptographic functionality and manages the secret cryptographic keys. In particular, the CSP prevents exposure of the encryption keys in a non-encrypted form to the CAPI or application. The cryptographic system also has a private application program interface (PAPI) to provide direct access between the CSP and the user. The PAPI enables the user to confirm or reject certain requested cryptographic functions, such as digitally signing the messages or exportation of keys.

US Patent:

6871276, Mar 22, 2005

Filed:

Apr 5, 2000

Appl. No.:

09/543056

Inventors:

Daniel R. Simon - Redmond WA, US

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

H04L009/12
H04L009/32

US Classification:

713156, 713180, 380 30, 380 44

Abstract:

In a cryptographic system, a certificate is used to provide information regarding a client device. The certificate is blindly signed by a certifying authority to preserve the anonymity of the client device. However, information is encoded into the signature so that a content server can readily verify security attributes of the client device and make decisions regarding the delivery of electronic content to the client device based on those security attributes.

US Patent:

6907522, Jun 14, 2005

Filed:

Jun 7, 2002

Appl. No.:

10/165519

Inventors:

Dinarte Morais - Redmond WA, US
Jon Lange - Bellevue WA, US
Daniel R. Simon - Redmond WA, US
Ling Tony Chen - Bellevue WA, US
Josh D. Benaloh - Redmond WA, US

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

G06F012/14

US Classification:

713 2, 713 1, 713200, 713173, 711102

Abstract:

Machine instructions comprising a bootstrap code are buried within a critical component of an electronic game console where they cannot readily be accessed or modified. A preloader portion in a read only memory (ROM) is hashed by the bootstrap code and the result is compared to an expected hash value maintained in the bootstrap code. Further verification of the boot-up process is carried out by the preloader, which hashes the code in ROM to obtain a hash value for the code. The result is verified against a digital signature value that defines an expected value for this hash. Failure to obtain any expected result terminates the boot-up process. Since the bootstrap code confirms the preloader, and the preloader confirms the remainder of the code in ROM, this technique is useful for ensuring that the code used for booting up the device has not been modified or replaced.

US Patent:

6985958, Jan 10, 2006

Filed:

Oct 22, 2001

Appl. No.:

10/003754

Inventors:

Mark Lucovsky - Sammamish WA, US
Shaun D. Pierce - Sammamish WA, US
Alexander T. Weinert - Seattle WA, US
Michael G. Burner - Redmond WA, US
Richard B. Ward - Redmond WA, US
Paul J. Leach - Seattle WA, US
George M. Moore - Issaquah WA, US
Arthur Zwiegincew - Bothell WA, US
Vivek Gundotra - Tustin CA, US
Robert M. Hyman - Sammamish WA, US
Jonathan D. Pincus - Bellevue WA, US
Daniel R. Simon - Redmond WA, US

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

G06F 13/00

US Classification:

709230, 709246, 707103, 707104

Abstract:

A messaging data structure for accessing data in an identity-centric manner. An identity may be a user, a group of users, or an organization. Instead of data being maintained on an application-by-application basis, the data associated with a particular identity is stored by one or more data services accessible by many applications. The data is stored in accordance with a schema that is recognized by a number of different applications and the data service. The messaging data structure includes fields that identify the target data object to be operated upon using an identity field, a schema field, and an instance identifier field. In addition, the desired operation is specified. Thus, the target data object is operated on in an identity-centric manner.

US Patent:

6986036, Jan 10, 2006

Filed:

Mar 20, 2002

Appl. No.:

10/102036

Inventors:

Yi-Min Wang - Bellevue WA, US
Qixiang Sun - Armarillo TX, US
Daniel R. Simon - Redmond WA, US
Wilfred Russell - Redmond WA, US

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

G06F 1/26

US Classification:

713153, 713168, 713171, 713200, 713201

Abstract:

A system and method is provided for handling network communications between a client and a target server on the Internet to protect the privacy and anonymity of the client. For a session between the client and the target server, a routing control server sets up a routing chain using a plurality of Web servers randomly selected from a pool of participating Web servers as routers for routing messages between the client and the target server. To prevent traffic analysis, an “onion encryption” scheme is applied to the messages as they are forwarded along the routing chain. A payment service cooperating with the routing control server allows a user to pay for the privacy protection service without revealing her real identity.

US Patent:

7096200, Aug 22, 2006

Filed:

Apr 23, 2002

Appl. No.:

10/127893

Inventors:

Yi-Min Wang - Bellevue WA, US
Qixiang Sun - Amarillo TX, US
Daniel R. Simon - Redmond WA, US
Wilfred Russell - Redmond WA, US
Lili Qiu - Bellevue WA, US
Venkata N. Padmanabhan - Bellevue WA, US

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

G06Q 99/00
H04K 1/00
H04L 9/00

US Classification:

705 50, 705 1, 705 39, 705 40, 705 43, 705 44, 304401, 380 25, 380223

Abstract:

A system and method is provided for evaluating the effectiveness of data encryption for hiding the identity of the source of Web traffic. A signature is constructed from encrypted Web traffic for a Web page sent by a target Web site, and the signature is compared with archived traffic signatures obtained by accessing various Web pages of interest in advance. If the signature of the detected encrypted Web traffic matches a stored traffic signature beyond a pre-set statistical threshold, a positive match is found, and the source of the traffic is identified. Countermeasures for reducing the reliability of source identification based on traffic signature matching are provided.

US Patent:

7107463, Sep 12, 2006

Filed:

Aug 18, 2005

Appl. No.:

11/206519

Inventors:

Paul England - Bellevue WA, US
Marcus Peinado - Bellevue WA, US
Daniel R. Simon - Redmond WA, US
Josh D. Benaloh - Redmond WA, US

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

G06F 12/14
H04L 9/00

US Classification:

713193, 713176

Abstract:

Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process is received and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and which of a plurality of binaries can be executed in the virtual memory space is limited based on indicators, of the binaries, that are included in the manifest.